The present application relates generally to computer systems and networks, and, more particularly, to passwords for accessing computer systems and networks.
Communications networks are widely used for nationwide and worldwide communication of voice, multimedia and/or data. As used herein, the term “communications networks” includes public communications networks, such as the Public Switched Telephone Network (PSTN), terrestrial and/or satellite cellular networks, private networks and/or the Internet.
The Internet is a decentralized network of computers that can communicate with one another via Internet Protocol (IP). The Internet includes the World Wide Web (web) service facility, which is a client/server-based facility that includes a large number of servers (computers connected to the Internet) on which web pages or files reside, as well as clients (web browsers), which interface users with the web pages. The topology of the web can be described as a network of networks, with providers of network services called Network Service Providers, or NSPs. Servers that provide application-layer services may be referred to as Application Service Providers (ASPs). Sometimes a single service provider provides both functions.
It is common to use passwords to allow users to access various web-based services, computer systems, and other types of communications networks. Most security systems require passwords to be of a certain length and complexity. In these systems, passwords that satisfy a rigid set of proscribed requirements are then generally granted a common duration of useful life, after which the end user may be required to supply or generate a new password, or access to the system may be terminated.
However, because the use of passwords is so pervasive, it is not unusual for a user to have to remember a large number of different passwords. It may be difficult for users to remember large numbers of passwords, particularly complex passwords that satisfy strong security measures. Because users may be required to generate new passwords periodically, many users may create passwords that are sufficient to satisfy only the minimum level of security deemed acceptable. For services where password access is required, but where market requirements call for a broad appeal to a large user base, overly-restrictive password requirements can reduce a service's appeal. On the other hand, under-restrictive password requirements may cause a greater risk of customer data compromise.